Blog‎ > ‎

Documentation, Special Ops, Code issues, Tails 2.0, CloudFlare, Iptables

posted Mar 12, 2016, 6:30 AM by Sami Lehtinen   [ updated Mar 12, 2016, 7:01 AM ]
  • Extensive documentation lulz. I wonder why some customers require 'extensive documentation' produced by 'documentation department'. Fact is that that kind of documentation is just what it says it is. It's documentation for documentation. It usually lacks all critical details and is full of screen shots, high level cool hype terms and other utterly meaningless stuff. In one case when I wrote documentation that covered all the essential information, customer said it's not long enough. I asked them, what's missing, and they couldn't come up with a thing. In their face. Of course I could have added tons of BS to the document, but it actually devaluates the documentation. Because it's filled with useless information finding the actual information just becomes much harder. It's actually very nice to see documentation made by professionals which covers everything essential in 30 pages and then documentation made by 'documentation department' which is 900 pages long and doesn't contain any of the information which was fully covered in 30 pages. One classic quote from documentation department documentation. "Now you can see window which asks you to click Ok. Now you can click Ok to continue. The window will close and you'll be prompted with next question." - Thank you for that. What about the cases when it's not ok and something goes wrong and needs troubleshooting? Nope, not a word about that. Thank you for that too.
  • Of course the best documentation is produced by documentation department which hasn't seen or used the product ever. Not for a minute. It's often painfully obvious that the documentation department is just what it is. Documentation is produced because it's required. Often extremely bad documentation can also provide just additional confusion, it would have been much better to get the job done without the documentation at all. I've seen these cases. Several poeple were trying to figure out what the documentation means, it would have been much quicker to completely ignore the documentation and do things based on sane assumptions.
  • Watched a Black Ops documentary series about Special Operations and stuff. Tactics being used and so on. Nothing new really. Pro Tip? It's just better not to get trageted by military elite units. ;) It's very highly probable that it will end badly for you.
  • Wrote extensive report about one application. I went through large set of options. First they claimed I've misconfigured the software and said it was causing serious network bursts. I did reset to default settings, the serious network bursts remained there. Even if those were triggered less often. This just indicated that the initial pattern of the code was seriously 'bursty / bursting' and it wasn't my configuration or code extensions I wrote that were the initial reason for the bursts. I also created a few neat visualizations for them to make this very clear from logs as well as added markers for different configuration options.
  • Tails 2.0 is out - That's awesome. Yet I really really hate their news 'download and install wizard'. It just makes everything really annoyingly complex. I just had a few days a long discussion about documentation and how bloated documentation just can make things unnecessarily complex and slow. - Btw. It's really nice to see that Tails Bittorrent swarm got also IPv6 peers in it. Also the download time is grossly overstated on tails page. Download took under a minute using Bittorrent. Signature verification took less than 10 seconds and the Installation to SSD from SSD also took less than 10 seconds. To be exact the installation took 4.6 seconds (including sync). Of course these are the cases where configuration matters. Do you allow 200 new connections / second and do you allow enough peers to be contacted. I've set my connection limit to 2k which wasn't even hit before download was completed. At least the Tails got quite nice face lift. Just great, it took less than a minute to find a first issue. The new menu which pops on screen from upper left corner did hang somehow also hanging the applications menu. Yeah, that's what you get when you do 'neat face lifts' and forget the functionality aspect.
  • Helped a friend to protect their website using CloudFlare. Site is now fully protected by CF ... All web and API traffic goes through it and direct access is blocked by firewall, except for a pre-listed set of IP addresses & ports.
  • Also wrote a script which automatically updates iptables rules based on known listed CloudFlare address pool including IPv4 and IPv6 addresses. Of course the input data is properly sanitized checked filtered and 'sanity checked'. So if it happens to receive some more or less random invalid or other malicious content it's getting properly filtered and ignored.
  • Studied Web PUSH. That's interesting and could be very useful for certain use cases. I'll have to write minimal test implementation. It seems that it's quite low level API so you can't implement it in an hour. But it's sure doable as soon as I really need it. Probably will take a day or two to get properly working unless hitting some really annoying hard to solve issues. Yet I would prefer having higher level API or library for getting the required stuff done.